1. Field of the Invention
The present invention relates generally to data processing, and more particularly but not exclusively to anti-phishing techniques.
2. Description of the Background Art
Various financial transactions may be performed over the Internet. Examples of these financial transactions include online banking, sending or receiving of payments for product purchases (e.g., use of PayPal™ system), credit card purchases, and so on. Unfortunately, the convenience of performing online financial transactions over the Internet not only attracts legitimate users but fraudsters as well.
Fraudsters gain access to online financial accounts of their victims using a variety of techniques including by “phishing.” Phishing is a kind of social engineering that involves some form of misrepresentation. In a typical phishing attack, the victim receives an email falsely claiming to be from the victim's financial institution. The email is made to look convincingly real, oftentimes complete with the look and feel of emails, from the financial institution. The email includes a link to the fraudster's website, also referred to as “phishing site,” that serves a web page where the victim enters confidential financial account information (e.g., login ID and password) thinking he is providing the information to his financial institution. The web page from the phishing site, like the email linking to it, is made to look authentic.
Anti-phishing techniques have been developed to combat phishing attacks. One way of combating phishing is to create and maintain a database of known phishing sites. The database serves as a blacklist that may be consulted to alert users if they visit a potentially dangerous website. While effective for the most part, this solution can only detect some known phishing attacks because phishing sites, like other web servers on the Internet, can be relocated rather easily. Furthermore, it may be difficult to keep up with the increasing number of phishing sites.
Web browsers may be equipped with tools that clearly display the characteristics of a website being accessed, such as domain name, security lock state etc. While these tools can help users evaluate a website, the tools themselves generally cannot identify a phishing site.
Phishing may be identified by looking for phishing characteristics. For example, an anti-phishing technique may check some attributes of a website being accessed, such as uniform resource locator (URL), hosting location, owner, page content, browser security lock state etc. Unfortunately, because some legitimate websites share characteristics with fraudulent websites, relying on phishing characteristics may result in a large number of false positives (i.e., erroneous identification of a legitimate site as fraudulent). Furthermore, sophisticated phishing attacks specifically minimize known phishing characteristics.
Sensitive transactions may employ additional authentication mechanisms as a precautionary measure against phishing. Examples of such additional authentication mechanisms include hardware tokens that provide challenge/response authentication, smart cards with the public key cryptography, use of text messaging as an additional authentication channel, and so on. While effective for the most part, these techniques have relatively high implementation and maintenance costs and are cumbersome to the user.